1. Technical Field
Aspects of the example embodiments relate to privacy preservation tests for persistent authentication, and more specifically, to devices, methods, and systems for generating an authentication hash or other one-way, hard-to-invert function, and for authentication based on the generated authentication hash, such that the answers to private questions are not revealed at the server side.
2. Related Art
A user may need to prove his or her identity in various situations during the authentication process for accessing and recovering accounts. To facilitate authentication or alternative methods for authentication (e.g., fault-tolerant or recovery methods), users register factors (e.g., answers to questions specific to the user's life and tastes) with the server that controls access (e.g., the account provider). Registration by the user, including the answers, may reveal private user information to the server. Unauthorized access to the server by a malicious party may reveal private user information to that malicious party. For example, that party (e.g., an insider at the server organization, an outsider, or a phishing attacker) may exploit the registered answers at the same or other account providers, which may require similar answers, and impersonate the user.
For authentication, there is a need to allow the user to answer questions (or provide other private factors, such as biometric information, possessed information stored outside the systems, etc.) while, for privacy reasons, the server that verifies the information from the user does not hold the private information.